Vulnerabilities > CVE-2006-4660 - HTML Injection and Unauthorized Access vulnerability in ICQ INC ICQ Toolbar 1.3Forinternetexplorer

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

icq-inc

NVD

Published: 2006-09-09

Updated: 2018-10-17

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed module in AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) allow remote attackers to process arbitrary web script or HTML in the Feeds interface context via the (1) title and (2) description elements within an item element in an RSS feed.

Vulnerable Configurations

Part	Description	Count
Application	Icq_Inc ICQ INC ICQ Toolbar 1.3_For_Internet_Explorer	1

References

http://secunia.com/advisories/21809
http://securityreason.com/securityalert/1523
http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1510
http://www.securityfocus.com/archive/1/445515/100/0/threaded
http://www.securityfocus.com/bid/19900
http://www.vupen.com/english/advisories/2006/3528
https://exchange.xforce.ibmcloud.com/vulnerabilities/28809